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REMARKS 



Claims 1-22 were previously pending in this application. Claims 23-24 were canceled by 
a preliminary amendment. By this amendment, new claims 25-3 1 have been added. As a result, 
claims 1-22 and 25-31 are pending for examination with claims 1,15 and 25 being independent 
claims. No new matter has been added. 

Applicants request that the Information Disclosure Statement and PTO-1449 form 
received by the Patent & Trademark Office on April 13, 2001 be considered by the Examiner. 

Rejections 35 U.S.C. § 102(b) 

Claims 1-4, 7-15 and 18-22 have been rejected under 35 U.S.C. § 102(b) as being 
anticipated by U.S. Patent No. 4,766,646 (Henderson). The Examiner concluded that Henderson 
can pass update codes to a specific access controller, and therefore the identity structure must 
include an application template and configuration data that the access controller uses to update 
itself. Applicant respectfully does not agree with this conclusion drawn by the Examiner. 

Claim 1 recites that the central control means includes "an identity structure relating to 
the permissible behavior of an access controller . . . when communication of identity structure to 
an access controller unit is required, a virtual configuration link is created between the central 
control means and the access controller for that value unit, via an operator control unit, for the 
transfer of the identity structure from the central control means to the access controller to 
initialise the access controller and so allow the access control data to gain access to the access 
controller." Method claim 15 contains a similar recitation. This feature of the access control 
system is discussed in the specification at least at page 8, lines 24-25 and page 10, lines 3-11, 
and allows the access controllers and operator control units to store minimal information. The 
operator control units only need to store the identity structure when access to the access 
controller is to be granted. Prior to accessing the access controller, very limited information is 
present in the operator control units that an "attacker" can observe. 

In contrast, Henderson teaches a lockbox system in which the lockbox, once dispatched 
for use and communication with the keys, permanently contains information controlling the 
operation of the lockbox in its memory. (See Henderson, col. 3, line 65 to col. 4, line 5). 
Although Henderson teaches keys that have characterization instructions that may be 
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downloaded to a lockbox, these are limited and do not serve the function of initializing the 
lockbox to allow the lockbox to receive and process access control data. (See Henderson, col. 9, 



to the initialization procedure for the lockbox. The initialization procedure taught by Henderson 
is performed by a computer coupled to a stand, not by a key. (See Henderson, col. 36, line 49 to 
col. 37, line 24). Once initialized, the lockbox can only be reprogrammed by a computer. (See 
Henderson, col. 17, lines 64-66, col. 37, lines 17-19). 

Due to the existence of information in the lockbox and keys of Henderson, potential 
security problems exist. These security problems are attempted to be alleviated by the use of a 
key expiration date. (See Henderson, col. 18, lines 14-63). In Applicants' claimed invention, the 
operator control units usually contain no information of use until the access controller has been 
initialized. This reduces the need for an expiration date. Furthermore, Henderson addresses the 
problem of stolen keys by including in the lockbox restricted data that cannot be updated by any 
key. (See Henderson, col. 17, lines 55-66). Accordingly, the lockbox of Henderson must be 
returned to a stand in order to allow this information to be updated. (See Henderson, col. 8, lines 
55-68). This is in contrast to the access controllers of the Applicants, which do not need to have 
restricted parts of the identity structure that cannot be updated by a key, particularly before the 
access controller has been initialized. 

Thus, independent claims 1 and 15 patentably distinguish over the cited references. 

Claims 2-4 and 7-14 and claims 18-22 respectively depend from independent claims 1 
and 15 and are patentable for at least the same reasons. 

Rejections 35 U.S.C. § 103 

Claims 5, 6, 16 and 17 have been rejected as unpatentable under 35 U.S.C. § 103 over 
Henderson. Applicant respectfully traverses the rejections. These claims are directed to the 
identity structure being encrypted and only decipherable by selected access controllers and 
central control means or to the control data being encrypted. In contrast, Henderson teaches that 
the stand 16 decrypts the computer data before it is sent to either the lockbox or key. Henderson 
does not teach that the data is only decipherable by the lockbox and computer. (See Henderson, 
col. 8, lines 34-43). 



^ lines 1-5). Instead, the ability 



to receive and process data is already present in the lockbox due 
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Additionally, claims 5 and 6 and claims 16 and 17 respectively depend from independent 
claims 1 and 15 and are allowable for at least the same reasons set for above. 

New Claims 25-29 

Dependent claims 25 and 26 depend respectively from independent claims 1 and 15 and 
have been added to further define the invention. These claims are directed to the feature of the 
identity structure being removed from the access controller after accessing the access controller. 
Support may be found in the specification on page 12, lines 17-19. 

Claims 27-3 1 have been added to further define the invention. 

These claims are directed to the feature of automatically communicating or updating 
identity structures. Support may be found in the specification on page 10, lines 11-18. These 
new claims define over the cited art. Henderson does not suggest the automatic communication 
or update of identify structure information. Instead, Henderson teaches to rely on the operators 
to manually cause the communication of update information, using the "PROGRAM function" 
on the key. (See Henderson, col. 17, lines 15-68 and col. 5, lines 50-60). The Applicants' 
remote access system therefore removes reliance on trusted people to reconfigure an access 
controller. 

In addition to these features, claim 28 also recites the features discussed above with 
regard to claims 1 and 15. Thus, claim 28 is also patentable for at least the same reasons set 
forth above with regard to claims 1 and 15. 
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CONCLUSION 



In view of the foregoing amendments and remarks, this application should now be in 
condition for allowance. A notice to this effect is respectfully requested. If the Examiner 
believes, after this amendment, that the application is not in condition for allowance, the 
Examiner is requested to call the Applicant's attorney at the telephone number listed below. 

If this response is not considered timely filed and if a request for an extension of time is 
otherwise absent, Applicant hereby requests any necessary extension of time. If there is a fee 
occasioned by this response, including an extension fee, that is not covered by an enclosed 
check, please charge any deficiency to Deposit Account No. 23/2825. 



Respectfully submitted, 




By: 



Kristin D. Wheeler, Reg. No. 43,583 
Lawrence M. Green, Reg. No. 29,384 



WOLF, GREENFIELD & SACKS, P.C. 
600 Atlantic Avenue 



Boston, Massachusetts 02210-2211 
Telephone: (617) 720-3500 



Date: April ,2004 
x04/27/04 
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